BART ready for renewed protests after cyber attack

August 15, 2011
By PAUL ELIAS and JOHN S. MARSHALL , Associated Press

This screen shot taken from californiaavoaid.org, an organization sponsored by Bay Area Rapid Transit (BART), shows a page from the website after it and other BART-related sites were hacked by the hacker's group Anonymous on Sunday, Aug. 14, 2011. BART district officials said they were attempting Sunday to shut down the hacker's group website that lists the names of thousands of San Francisco Bay area residents who are email subscribers of myBART.org, a legitimate BART website. (AP Photo/californiaavoaid.org)

(AP) -- San Francisco's mass transit system prepared for renewed protests Monday, a day after hackers angry over blocked cell phone service at some transit stations broke into a website and posted company contact information for more than 2,000 customers.

The action by a hacker group known as Anonymous was the latest showdown between anarchists angry at perceived attempts to limit free speech and officials trying to control protests that grow out of social networking and have the potential to become violent.

Anonymous posted people's names, phone numbers, and street and email addresses on its own website, while also calling for a disruption of the Bay Area Rapid Transit's evening commute Monday.

BART officials said Sunday that they were working a strategy to try to block any efforts by protesters to try to disrupt the service.

"We have been planning for the protests that are said to be shaping up for tomorrow," BART spokesman Jim Allison said. He did not provide specifics, but said BART police will be staffing stations and trains and that the agency had already contacted San Francisco police.

The transit agency disabled the website, myBART.org, Sunday night after it also had been altered by apparent hackers who posted images of the so-called Guy Fawkes masks that anarchists have previously worn when showing up to physical protests.

The cyber attack came in response to the BART's decision to block wireless service in several of its San Francisco stations Thursday night as the agency aimed to thwart a planned protest over a transit police shooting. Officials said the protest had been designed to disrupt the evening commute.

Computer experts said the hackers appeared to exploit an obvious hole in the site's security. BART pays another company to operate the website that offers subscribers discounted tickets and keeps them apprised of events planned by the transit agency.

"I don't think Anonymous worked very hard," said Josh Shaul, chief technology officer of Application Security Inc., a New York-based data base security company. "This appears to be a low-tech attack. It's really very trivial to find these vulnerabilities."

"We are Anonymous, we are your citizens, we are the people, we do not tolerate oppression from any government agency," the hackers wrote on their own website. "BART has proved multiple times that they have no problem exploiting and abusing the people."

Allison described myBART.org as a "satellite site" used for marketing purposes. It's operated by an outside company and sends BART alerts and other information to customers, Allison said.

The names and contact info published by Sunday came from a database of 55,000 subscribers, he said. He did not know if the group had obtained information from all the subscribers, he said, adding that no bank account or credit card information was listed.

The BART computer problem was the latest hack the loosely organized group claimed credit for this year. Last month, the FBI and British and Dutch officials made 21 arrests, many of them related to the group's attacks on Internet payment provider PayPal Inc., which has been targeted over its refusal to process donations to WikiLeaks. The group also claims credit for disrupting the websites of Visa and MasterCard in December when the credit card companies stopped processing donations to WikiLeaks and its founder, Julian Assange.

BART's decision to shut down wireless access was criticized by many as heavy handed, and some raised questions about whether the move violated free speech.

The problems began Thursday night when BART officials blocked wireless access to disrupt organization of a demonstration protesting the July 3 shooting death by BART police who said the 45-year-old victim was wielding a knife.

Activists also remain upset by the 2009 death of Oscar Grant, an unarmed black passenger who was shot by a white officer on an Oakland train platform. The officer quit the force and was convicted of involuntary manslaughter after the shooting.

Facing backlash from civil rights advocates and one of its own board members, BART has defended the decision to block cell phone use, with Allison saying the cell phone disruptions were legal because the agency owns the property and infrastructure.

"I'm just shocked that they didn't think about the implications of this. We really don't have the right to be this type of censor," Lynette Sweet, who serves on BART's board of directors, said previously. "In my opinion, we've let the actions of a few people affect everybody. And that's not fair."

Laura Eichman was among those whose email and home phone number were published by the hackers Sunday.

"I think what they (the hackers) did was illegal and wrong. I work in IT myself, and I think that this was not ethical hacking. I think this was completely unjustified," Eichman said.

She said she doesn't blame BART and feels its action earlier in the week of blocking cell phone service was reasonable.

"It doesn't necessarily keep me from taking BART in the future but I will certainly have to review where I set up accounts and what kind of data I'm going to keep online," Eichman said.

Michael Beekman of San Francisco told the AP that he didn't approve of BART's move to cut cell phone service or the Anonymous posting.

"I'm not paranoid but i feel like it was an invasion of privacy," he said. "I thought I would never personally be involved in any of their (Anonymous') shenanigans."

The group Anonymous, according to its website, does "not tolerate oppression from any government agency," and it said it was releasing the User Info Database of MyBart.gov as one of many actions to come.

"We apologize to any citizen that has his information published, but you should go to BART and ask them why your information wasn't secure with them," the statement said.

Related Stories

(AP) -- Hackers broke into a website for San Francisco's mass transit system Sunday and posted contact information for more than 2,000 customers, the latest showdown between anarchists angry at perceived attempts to limit ...

(AP) -- Police said Friday they are investigating if hackers were responsible for taking down websites of police and prosecutors in the Netherlands after the arrest of a 16-year-old for involvement in a cyberattack on several ...

A hacker group on Saturday claimed it has "defaced and destroyed" websites at scores of US police agencies in retaliation for the arrest of suspected peers accused of hacking into the CIA, British crime agency SOCA, and ...

On the theory that a driver who knows when a red light will turn green is more relaxed and aware, vehicle manufacturer Audi is unveiling this week in Las Vegas a technology that enables vehicles to "read" traffic signals ...

There you are, cruising down the freeway, listening to some tunes and enjoying the view as your autonomous car zips and swerves through traffic. Then the fun ends and it becomes time take over the wheel. How smooth is that ...